Brata Analysis

IOB - Indicator of Behavior (48)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	40
it	2
zh	2
jp	2
ru	2

Country

us	46

Actors

BRATA	1

Activities

Interest

Timeline

Type

Not Defined	12
Programming Tool Software	2
Auction Software	2
Application Server Software	2
Cloud Software	2

Vendor

Not Defined	8
Oracle	2
Softbiz	2
Containous	2
Nextcloud	2

Product

libdwarf	2
Website Auction Marketplace	2
Pligg	2
Oracle WebLogic Server	2
Softbiz FAQ Script	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.04	0.01621	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	1.13	0.00954	CVE-2010-0966
3	Apple Mac OS X Server Wiki Server sql injection	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	2.45	0.00339	CVE-2015-5911
4	Pligg cloud.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	1.55	0.00000
5	Tiki TikiWiki tiki-editpage.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.01673	CVE-2004-1386
6	Oracle Solaris Utility Local Privilege Escalation	7.7	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00043	CVE-2023-21985
7	TikiWiki tiki-register.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	10.00	0.00793	CVE-2006-6168
8	Francisco Burzi PHP-Nuke File case.filemanager.php privileges management	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00575	CVE-2001-0854
9	Mattermost API Endpoint allocation of resources	4.2	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00044	CVE-2022-4045
10	libdwarf ELF File null pointer dereference	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00272	CVE-2015-8750
11	Lanner IAC-AST2500A spx_restservice KillDupUsr_func out-of-bounds write	9.9	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00096	CVE-2021-26728
12	Spiffy Calendar Plugin Event resource injection	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00061	CVE-2022-29434
13	Armada Design Master Index search.cgi path traversal	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.02236	CVE-2000-0924
14	phpBB viewtopic.php preg_replace file inclusion	7.3	7.3	$0-$5k	$0-$5k	High	Not Defined	0.06	0.19004	CVE-2005-2086
15	Cisco ASA SNMP Service memory corruption	8.8	8.6	$25k-$100k	$0-$5k	High	Official Fix	0.03	0.97460	CVE-2016-6366
16	Oracle WebLogic Server JSF access control	8.3	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	0.00152	CVE-2018-2935
17	Containous Traefik API improper authentication	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00158	CVE-2018-15598
18	Nextcloud Lookup-Server sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01	0.00138	CVE-2019-5476
19	Zoho ManageEngine ADSelfService Plus Self-Update Layout cross site scripting	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00149	CVE-2018-20484
20	Website Auction Marketplace search.php sql injection	8.5	8.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04	0.00288	CVE-2017-17592

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	51.83.225.224		Brata	08/04/2022	verified	High
2	XX.XX.XXX.XXX		Xxxxx	08/04/2022	verified	High
3	XXX.XX.XXX.XXX		Xxxxx	10/07/2022	verified	High
4	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxxx	08/14/2022	verified	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Pathname Traversal	predictive	High
2	T1059	CWE-94	Cross Site Scripting	predictive	High
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx Xxxxxxx	predictive	High
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	add_comment.php	predictive	High
2	File	case.filemanager.php	predictive	High
3	File	cloud.php	predictive	Medium
4	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
5	File	xxx/xxxxxx.xxx	predictive	High
6	File	xxxxxx.xxx	predictive	Medium
7	File	xxxxxx.xxx	predictive	Medium
8	File	xxxx-xxxxxxxx.xxx	predictive	High
9	File	xxxx-xxxxxxxx.xxx	predictive	High
10	File	xxxxxxxxx.xxx	predictive	High
11	File	xxxxxx.xxx	predictive	Medium
12	Argument	$xxx_xxxx	predictive	Medium
13	Argument	--xxx	predictive	Low
14	Argument	xxxxxxxx	predictive	Medium
15	Argument	xxxxxxxx	predictive	Medium
16	Argument	xxxxxxxxxx	predictive	Medium
17	Argument	xxx_xx	predictive	Low
18	Argument	xx	predictive	Low
19	Input Value	xxxxx.xxx	predictive	Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:

https://bazaar.abuse.ch/sample/400cdf9d2ba1c5b5ffb511f840c9e174dbd35de2ddf58bd33392901a6c0f20ce/

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!